As we detailed in our last post, cars are essentially computers on wheels. And there will soon be a lot of these connected vehicles. According to Juniper Research, by 2025 there will be 206 million automobiles with embedded connectivity, 30 million of which will connect via 5G.
You may be wondering, is there some formal framework or standard to help automobile manufacturers navigate the cybersecurity challenges of the connected vehicle? As things turn out, there is.
In recognition of the automotive cybersecurity challenge, the International Standard Organization (ISO), in collaboration with the Society of Automotive Engineers (SAE), created a regulatory standard to address the challenge.
The standard, ISO/SAE 21434, Road vehicles – Cybersecurity engineering, became official on August 31, 2021. So, this is a relatively new standard.
According to ISO, the standard “addresses the cybersecurity perspective in the engineering of electrical and electronic (E/E) systems within road vehicles. It will help manufacturers keep abreast of changing technologies and cyber-attack methods, and defines the vocabulary, objectives, requirements, and guidelines related to cybersecurity engineering for a common understanding throughout the supply chain.”
Perhaps the key takeaway from the standard is that it addresses the cybersecurity challenge at every stage of the vehicle development process. It’s not meant to be a final test or a bolt-on QA review. The implication is that cybersecurity will be baked into the manufacturing process, with an emphasis on process. The phases of the vehicle lifecycle addressed in the standard include the following:
- Design and engineering
- Operation by customer
- Maintenance and service
Threat Modeling in ISO/SAE 21434
When it comes to identifying cybersecurity threats, the sooner you identify them in a product’s lifecycle the better (and cheaper) it is. That’s the idea behind threat modeling: identify threats in the development phase rather than after the product is launched. It applies to computers as well as automobiles.
This raises a question. Does threat modeling fit into the ISO/SAE 21434 framework, and if so, where? The answer is yes, in two places: Clause 8 and Clause 15.
Clause 8 (Continual cybersecurity activities) includes activities that provide information for ongoing risk assessments and defines vulnerability management of E/E systems until the end of cybersecurity support. The relevant sections are 8.5 (Vulnerability analysis) and 8.6 (Vulnerability management).
Clause 15 (Threat analysis and risk assessment methods) includes modular methods for analysis and assessment to determine the extent of cybersecurity risk so that treatment can be pursued. Applicable sections include 15.3 through 15.9:
15.3 Asset identification
15.4 Threat scenario identification
15.5 Impact rating
15.6 Attack path analysis
15.7 Attack feasibility rating
15.8 Risk value determination
15.9 Risk treatment decision
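To make the flow from 15.3 to 15.9 concrete, here is a small worked example added for this post (it is not taken from the standard or from any tool). The rating scales, the attack-vector mapping, the risk matrix, the aggregation rules, the acceptance threshold and the two sample scenarios are all illustrative assumptions.

```python
# Added illustration of Clause 15 steps 15.3-15.9; all data and scales are constructed.
from dataclasses import dataclass

IMPACT = ["negligible", "moderate", "major", "severe"]       # 15.5 rating scale
FEASIBILITY = ["very low", "low", "medium", "high"]          # 15.7 rating scale
# Assumed attack-vector-based feasibility mapping (one of several possible approaches).
VECTOR_FEASIBILITY = {"physical": "very low", "local": "low",
                      "adjacent": "medium", "network": "high"}
# Assumed risk matrix: rows = impact, columns = feasibility, values 1 (lowest) to 5.
RISK_MATRIX = [[1, 1, 1, 1],
               [1, 2, 2, 3],
               [1, 2, 3, 4],
               [2, 3, 4, 5]]

@dataclass
class ThreatScenario:
    asset: str          # 15.3 asset and the cybersecurity property at stake
    scenario: str       # 15.4 threat scenario
    impacts: dict       # 15.5 rating per category (safety, financial, operational, privacy)
    attack_paths: dict  # 15.6 attack path name -> attack vector

def impact_rating(ts):
    # Simplification (assumption): overall impact is the worst rating across categories.
    return max(ts.impacts.values(), key=IMPACT.index)

def feasibility_rating(ts):
    # 15.7 (assumption): a scenario is as feasible as its easiest attack path.
    if not ts.attack_paths:
        raise ValueError(f"no attack path analysed for: {ts.scenario}")
    ratings = [VECTOR_FEASIBILITY[v] for v in ts.attack_paths.values()]
    return max(ratings, key=FEASIBILITY.index)

def risk_value(ts):
    # 15.8: combine impact and feasibility through the matrix.
    return RISK_MATRIX[IMPACT.index(impact_rating(ts))][FEASIBILITY.index(feasibility_rating(ts))]

def treatment(ts, accept_at_or_below=2):
    # 15.9 (assumed policy): retain low risks, otherwise reduce them with controls.
    return "retain" if risk_value(ts) <= accept_at_or_below else "reduce"

SCENARIOS = [  # constructed sample entries
    ThreatScenario("firmware update image (integrity)", "tampered image installed on the ECU",
                   {"safety": "severe", "financial": "major", "operational": "major", "privacy": "negligible"},
                   {"via telematics link": "network", "via diagnostic port": "physical"}),
    ThreatScenario("trip history (confidentiality)", "trip history disclosed",
                   {"safety": "negligible", "financial": "negligible", "operational": "negligible", "privacy": "moderate"},
                   {"via diagnostic port": "physical"}),
]

if __name__ == "__main__":
    for ts in SCENARIOS:
        print(f"{ts.asset}: impact={impact_rating(ts)}, feasibility={feasibility_rating(ts)}, "
              f"risk={risk_value(ts)}, treatment={treatment(ts)}")
```

Notice that the first scenario is rated by its remote attack path rather than the physical one, which is why skipping attack path analysis (15.6) tends to understate risk.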
Clause 15 is essentially a product description for a threat modeling tool. Not only does threat modeling fit nicely into ISO/SAE 21434, but it would be difficult to be compliant without it. This standard has unofficially made threat modeling part of the vehicle manufacturing process. And if you make automobiles, but you’re not up to speed on threat modeling, because it hasn’t been required until now, you’re probably going to need a little help.
Introducing a little help: ThreatModeler. ThreatModeler is a modern, enterprise-class threat modeling tool that is as close to one-click threat modeling as you’re likely to find. If you want to get up to speed fast on threat modeling so you can become ISO/SAE 21434 compliant fast, reach out to ThreatModeler for a free demo.